package ascloud.auth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.session.HttpSessionEventPublisher;

@Configuration
public class SecurityConfig {

	@Bean
	SecurityFilterChain filterChain1(HttpSecurity http) throws Exception {
		// @formatter:off
		http
			.authorizeHttpRequests(authorize -> authorize
				.requestMatchers("/actuator/**", "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html").permitAll()
				.requestMatchers(HttpMethod.GET, "/user/info").hasAuthority("SCOPE_springdoc.read")
				.anyRequest().authenticated())
			.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer
				.jwt(Customizer.withDefaults()));
		// @formatter:on
		return http.build();
	}

	@Bean
	HttpSessionEventPublisher httpSessionEventPublisher() {
		return new HttpSessionEventPublisher();
	}

}
